Tilmeld\Tilmeld::checkPermissions

Check an entity's permissions for a user.

This will check the AC (Access Control) properties of the entity. These include the following properties: - acUser - acGroup - acOther - acRead - acWrite - acFull "acUser" refers to the entity's owner, "acGroup" refers to all users in the entity's group and all ancestor groups, and "acOther" refers to any user who doesn't fit these descriptions. Each of these properties should be either NO_ACCESS, READ_ACCESS, WRITE_ACCESS, or FULL_ACCESS. - NO_ACCESS - the user has no access to the entity. - READ_ACCESS, the user has read access to the entity. - WRITE_ACCESS, the user has read and write access to the entity, but can't delete it, change its access controls, or change its ownership. - FULL_ACCESS, the user has read, write, and delete access to the entity, as well as being able to manage its access controls and ownership. These properties defaults to: - acUser = Tilmeld::FULL_ACCESS - acGroup = Tilmeld::READ_ACCESS - acOther = Tilmeld::NO_ACCESS "acRead", "acWrite", and "acFull" are arrays of users and/or groups that also have those permissions. Only users with FULL_ACCESS have the ability to change any of the ac*, user, and group properties. The following conditions will result in different checks, which determine whether the check passes: - The user has the "system/admin" ability. (Always true.) - It is a user or group. (True for READ_ACCESS or Tilmeld admins.) - The entity has no "user" and no "group". (Always true.) - No user is logged in. (Check other AC.) - The entity is the user. (Always true.) - It is the user's primary group. (True for READ_ACCESS.) - The user or its groups are listed in "acRead". (True for READ_ACCESS.) - The user or its groups are listed in "acWrite". (True for READ_ACCESS and WRITE_ACCESS.) - The user or its groups are listed in "acFull". (Always true.) - Its "user" is the user. (It is owned by the user.) (Check user AC.) - Its "group" is the user's primary group. (Check group AC.) - Its "group" is one of the user's secondary groups. (Check group AC.) - Its "group" is a descendant of one of the user's groups. (Check group AC.) - None of the above. (Check other AC.)